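# Copy the pf rc.conf.d fragment from files/ into place, owned by root:wheel
# and writable only by root.
- name: Install service configuration
  # Fully qualified module name, matching the community.general.* calls in
  # this file, so the short name cannot resolve to a different module.
  ansible.builtin.copy:
    src: "files/{{ item.src }}"
    dest: "{{ item.dest }}"
    # Quoted so the module receives the string "0644" and does its own octal
    # conversion, instead of relying on the YAML parser reading 0644 as octal.
    mode: "0644"
    owner: root
    group: wheel
  loop:
    - src: rc.conf
      dest: /etc/rc.conf.d/pf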
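# Install the PF ruleset named by pf_config as /etc/pf.conf and notify the
# "restart pf" handler when the file changes.
- name: Install PF configuration
  # Fully qualified module name, matching the community.general.* calls in
  # this file, so the short name cannot resolve to a different module.
  ansible.builtin.copy:
    src: "files/{{ item.src }}"
    dest: "{{ item.dest }}"
    # Quoted so the module receives the string "0644" rather than a
    # parser-dependent integer.
    # NOTE(review): 0644 leaves the ruleset readable by every local user;
    # consider "0600" if the rules should not be visible to unprivileged
    # accounts.
    mode: "0644"
    owner: root
    group: wheel
    # pfctl -n parses the staged file without loading it, so a ruleset that
    # does not parse is rejected before /etc/pf.conf is replaced.
    validate: "pfctl -vnf %s"
  notify: restart pf
  loop:
    - src: "{{ pf_config }}"
      dest: /etc/pf.conf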
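# Probe whether pf is running and register the result as is_pf_running.
# A non-zero exit status marks the task failed, but ignore_errors lets the
# play continue so the outcome can be inspected through the registered value.
- name: Check if pf is running
  # command instead of shell: the probe uses no pipes, redirects or
  # expansion, so the line does not need to pass through /bin/sh.
  ansible.builtin.command: service pf status
  register: is_pf_running
  # Read-only probe: it must not report "changed" on every run.
  changed_when: false
  failed_when: is_pf_running.rc != 0
  ignore_errors: true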
# Turn pflog on in its rc.conf.d fragment whenever pflog_conf holds at least
# one entry.
- name: Enable pflog
  community.general.sysrc:
    name: pflog_enable
    # Quoted: a bare YES would be read as a YAML boolean instead of the
    # literal rc.conf string.
    value: "YES"
    path: /etc/rc.conf.d/pflog
  when: pflog_conf | length > 0
  notify: restart pflog
# Turn pflog off in its rc.conf.d fragment when pflog_conf is empty, and
# notify the "stop pflog" handler.
- name: Disable pflog
  community.general.sysrc:
    name: pflog_enable
    # Quoted: a bare NO would be read as a YAML boolean instead of the
    # literal rc.conf string.
    value: "NO"
    path: /etc/rc.conf.d/pflog
  when: pflog_conf | length == 0
  notify: stop pflog
# Write the space-separated names of all pflog_conf entries to
# pflog_instances in the pflog rc.conf.d fragment.
- name: Set pflog instances
  community.general.sysrc:
    name: pflog_instances
    # NOTE(review): json_query needs the jmespath Python package on the
    # controller; map(attribute='name') would collect the same names without
    # that dependency. Confirm every entry carries a name before switching.
    value: "{{ pflog_conf | community.general.json_query('[].name') | join(' ') }}"
    path: /etc/rc.conf.d/pflog
  when: pflog_conf | length > 0
  notify: restart pflog
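# Drop the instance list from the pflog rc.conf.d fragment once pflog_conf is
# empty, and notify the "stop pflog" handler.
- name: Remove pflog instances
  community.general.sysrc:
    # This has to be the variable that "Set pflog instances" writes. The
    # earlier value, jail_list, is not a pflog setting, so the stale instance
    # list was left in the file after pflog_conf was emptied.
    # NOTE(review): the per-instance pflog_<name>_dev entries are not removed
    # here; their names are unknown once pflog_conf is empty.
    name: pflog_instances
    state: absent
    path: /etc/rc.conf.d/pflog
  when: pflog_conf | length == 0
  notify: stop pflog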
# Record the device of each pflog_conf entry as pflog_<name>_dev in the pflog
# rc.conf.d fragment.
- name: Set pflog device names
  community.general.sysrc:
    # NOTE(review): item.name is spliced into an rc variable name and the
    # fragment is read by sh, so names should be limited to letters, digits
    # and underscores. Validate pflog_conf if it can be set from outside this
    # repository.
    name: "pflog_{{ item.name }}_dev"
    value: "{{ item.dev }}"
    path: /etc/rc.conf.d/pflog
  loop: "{{ pflog_conf }}"
  notify: restart pflog